1 |
fbf672cb
|
Matthew Grooms
|
<?php
|
2 |
|
|
/*
|
3 |
ce77a9c4
|
Phil Davis
|
system_authservers.php
|
4 |
fbf672cb
|
Matthew Grooms
|
*/
|
5 |
ac9d8bed
|
Stephen Beaver
|
/* ====================================================================
|
6 |
|
|
* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
|
7 |
|
|
* Copyright (c) 2004, 2005 Scott Ullrich
|
8 |
df8fca9d
|
Stephen Beaver
|
* Copyright (c) 2008 Shrew Soft Inc.
|
9 |
|
|
* Copyright (c) 2010 Ermal Luçi
|
10 |
ac9d8bed
|
Stephen Beaver
|
*
|
11 |
|
|
* Redistribution and use in source and binary forms, with or without modification,
|
12 |
|
|
* are permitted provided that the following conditions are met:
|
13 |
|
|
*
|
14 |
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
15 |
|
|
* this list of conditions and the following disclaimer.
|
16 |
|
|
*
|
17 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
18 |
|
|
* notice, this list of conditions and the following disclaimer in
|
19 |
|
|
* the documentation and/or other materials provided with the
|
20 |
|
|
* distribution.
|
21 |
|
|
*
|
22 |
|
|
* 3. All advertising materials mentioning features or use of this software
|
23 |
|
|
* must display the following acknowledgment:
|
24 |
|
|
* "This product includes software developed by the pfSense Project
|
25 |
|
|
* for use in the pfSense software distribution. (http://www.pfsense.org/).
|
26 |
|
|
*
|
27 |
|
|
* 4. The names "pfSense" and "pfSense Project" must not be used to
|
28 |
|
|
* endorse or promote products derived from this software without
|
29 |
|
|
* prior written permission. For written permission, please contact
|
30 |
|
|
* coreteam@pfsense.org.
|
31 |
|
|
*
|
32 |
|
|
* 5. Products derived from this software may not be called "pfSense"
|
33 |
|
|
* nor may "pfSense" appear in their names without prior written
|
34 |
|
|
* permission of the Electric Sheep Fencing, LLC.
|
35 |
|
|
*
|
36 |
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
37 |
|
|
* acknowledgment:
|
38 |
|
|
*
|
39 |
|
|
* "This product includes software developed by the pfSense Project
|
40 |
|
|
* for use in the pfSense software distribution (http://www.pfsense.org/).
|
41 |
|
|
*
|
42 |
|
|
* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
|
43 |
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
44 |
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
45 |
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
|
46 |
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
47 |
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
48 |
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
49 |
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
50 |
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
51 |
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
52 |
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
53 |
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
54 |
|
|
*
|
55 |
|
|
* ====================================================================
|
56 |
|
|
*
|
57 |
|
|
*/
|
58 |
1d333258
|
Scott Ullrich
|
/*
|
59 |
ac9d8bed
|
Stephen Beaver
|
pfSense_MODULE: auth
|
60 |
1d333258
|
Scott Ullrich
|
*/
|
61 |
fbf672cb
|
Matthew Grooms
|
|
62 |
|
|
##|+PRIV
|
63 |
|
|
##|*IDENT=page-system-authservers
|
64 |
|
|
##|*NAME=System: Authentication Servers
|
65 |
|
|
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
|
66 |
|
|
##|*MATCH=system_authservers.php*
|
67 |
|
|
##|-PRIV
|
68 |
|
|
|
69 |
|
|
require("guiconfig.inc");
|
70 |
acee624f
|
Ermal Lu?i
|
require_once("auth.inc");
|
71 |
fbf672cb
|
Matthew Grooms
|
|
72 |
257705ca
|
Renato Botelho
|
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
|
73 |
d71fc5d3
|
jim-p
|
$shortcut_section = "authentication";
|
74 |
fbf672cb
|
Matthew Grooms
|
|
75 |
2ee8dea1
|
Phil Davis
|
if (is_numericint($_GET['id'])) {
|
76 |
e41ec584
|
Renato Botelho
|
$id = $_GET['id'];
|
77 |
2ee8dea1
|
Phil Davis
|
}
|
78 |
|
|
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
|
79 |
fbf672cb
|
Matthew Grooms
|
$id = $_POST['id'];
|
80 |
2ee8dea1
|
Phil Davis
|
}
|
81 |
fbf672cb
|
Matthew Grooms
|
|
82 |
2ee8dea1
|
Phil Davis
|
if (!is_array($config['system']['authserver'])) {
|
83 |
fbf672cb
|
Matthew Grooms
|
$config['system']['authserver'] = array();
|
84 |
2ee8dea1
|
Phil Davis
|
}
|
85 |
fbf672cb
|
Matthew Grooms
|
|
86 |
6306b5dd
|
Ermal Lu?i
|
$a_servers = auth_get_authserver_list();
|
87 |
2ee8dea1
|
Phil Davis
|
foreach ($a_servers as $servers) {
|
88 |
6306b5dd
|
Ermal Lu?i
|
$a_server[] = $servers;
|
89 |
2ee8dea1
|
Phil Davis
|
}
|
90 |
fbf672cb
|
Matthew Grooms
|
|
91 |
2ee8dea1
|
Phil Davis
|
if (!is_array($config['ca'])) {
|
92 |
a0165602
|
Sjon Hortensius
|
$config['ca'] = array();
|
93 |
2ee8dea1
|
Phil Davis
|
}
|
94 |
fe2031ab
|
Ermal
|
$a_ca =& $config['ca'];
|
95 |
|
|
|
96 |
fbf672cb
|
Matthew Grooms
|
$act = $_GET['act'];
|
97 |
2ee8dea1
|
Phil Davis
|
if ($_POST['act']) {
|
98 |
fbf672cb
|
Matthew Grooms
|
$act = $_POST['act'];
|
99 |
2ee8dea1
|
Phil Davis
|
}
|
100 |
fbf672cb
|
Matthew Grooms
|
|
101 |
|
|
if ($act == "del") {
|
102 |
|
|
|
103 |
|
|
if (!$a_server[$_GET['id']]) {
|
104 |
|
|
pfSenseHeader("system_authservers.php");
|
105 |
|
|
exit;
|
106 |
|
|
}
|
107 |
|
|
|
108 |
9db6993f
|
jim-p
|
/* Remove server from main list. */
|
109 |
fbf672cb
|
Matthew Grooms
|
$serverdeleted = $a_server[$_GET['id']]['name'];
|
110 |
9db6993f
|
jim-p
|
foreach ($config['system']['authserver'] as $k => $as) {
|
111 |
2ee8dea1
|
Phil Davis
|
if ($config['system']['authserver'][$k]['name'] == $serverdeleted) {
|
112 |
9db6993f
|
jim-p
|
unset($config['system']['authserver'][$k]);
|
113 |
2ee8dea1
|
Phil Davis
|
}
|
114 |
9db6993f
|
jim-p
|
}
|
115 |
|
|
|
116 |
|
|
/* Remove server from temp list used later on this page. */
|
117 |
fbf672cb
|
Matthew Grooms
|
unset($a_server[$_GET['id']]);
|
118 |
9db6993f
|
jim-p
|
|
119 |
2ee8dea1
|
Phil Davis
|
$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
|
120 |
9db6993f
|
jim-p
|
write_config($savemsg);
|
121 |
fbf672cb
|
Matthew Grooms
|
}
|
122 |
|
|
|
123 |
|
|
if ($act == "edit") {
|
124 |
|
|
if (isset($id) && $a_server[$id]) {
|
125 |
|
|
|
126 |
|
|
$pconfig['type'] = $a_server[$id]['type'];
|
127 |
|
|
$pconfig['name'] = $a_server[$id]['name'];
|
128 |
|
|
|
129 |
|
|
if ($pconfig['type'] == "ldap") {
|
130 |
fe2031ab
|
Ermal
|
$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
|
131 |
fbf672cb
|
Matthew Grooms
|
$pconfig['ldap_host'] = $a_server[$id]['host'];
|
132 |
|
|
$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
|
133 |
d6b4dfe3
|
jim-p
|
$pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
|
134 |
fbf672cb
|
Matthew Grooms
|
$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
|
135 |
|
|
$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
|
136 |
|
|
$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
|
137 |
|
|
$pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
|
138 |
c61e4626
|
Ermal Lu?i
|
$pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];
|
139 |
c7073ebf
|
namezero111111
|
$pconfig['ldap_extended_enabled'] = $a_server[$id]['ldap_extended_enabled'];
|
140 |
|
|
$pconfig['ldap_extended_query'] = $a_server[$id]['ldap_extended_query'];
|
141 |
fbf672cb
|
Matthew Grooms
|
$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
|
142 |
|
|
$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
|
143 |
|
|
$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
|
144 |
|
|
$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
|
145 |
|
|
$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
|
146 |
149efbea
|
jim-p
|
$pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
|
147 |
a5cd1c5a
|
jim-p
|
$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
|
148 |
|
|
$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
|
149 |
149efbea
|
jim-p
|
$pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
|
150 |
fbf672cb
|
Matthew Grooms
|
|
151 |
2ee8dea1
|
Phil Davis
|
if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
|
152 |
fbf672cb
|
Matthew Grooms
|
$pconfig['ldap_anon'] = true;
|
153 |
2ee8dea1
|
Phil Davis
|
}
|
154 |
fbf672cb
|
Matthew Grooms
|
}
|
155 |
|
|
|
156 |
|
|
if ($pconfig['type'] == "radius") {
|
157 |
|
|
$pconfig['radius_host'] = $a_server[$id]['host'];
|
158 |
|
|
$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
|
159 |
|
|
$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
|
160 |
e8a58de4
|
Ermal Lu?i
|
$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
|
161 |
bddd2be8
|
jim-p
|
$pconfig['radius_timeout'] = $a_server[$id]['radius_timeout'];
|
162 |
fbf672cb
|
Matthew Grooms
|
|
163 |
|
|
if ($pconfig['radius_auth_port'] &&
|
164 |
ac9d8bed
|
Stephen Beaver
|
$pconfig['radius_acct_port']) {
|
165 |
fbf672cb
|
Matthew Grooms
|
$pconfig['radius_srvcs'] = "both";
|
166 |
|
|
}
|
167 |
|
|
|
168 |
2ee8dea1
|
Phil Davis
|
if ($pconfig['radius_auth_port'] &&
|
169 |
ac9d8bed
|
Stephen Beaver
|
!$pconfig['radius_acct_port']) {
|
170 |
fbf672cb
|
Matthew Grooms
|
$pconfig['radius_srvcs'] = "auth";
|
171 |
acee624f
|
Ermal Lu?i
|
$pconfig['radius_acct_port'] = 1813;
|
172 |
fbf672cb
|
Matthew Grooms
|
}
|
173 |
|
|
|
174 |
|
|
if (!$pconfig['radius_auth_port'] &&
|
175 |
ac9d8bed
|
Stephen Beaver
|
$pconfig['radius_acct_port']) {
|
176 |
fbf672cb
|
Matthew Grooms
|
$pconfig['radius_srvcs'] = "acct";
|
177 |
acee624f
|
Ermal Lu?i
|
$pconfig['radius_auth_port'] = 1812;
|
178 |
fbf672cb
|
Matthew Grooms
|
}
|
179 |
|
|
|
180 |
|
|
}
|
181 |
|
|
}
|
182 |
|
|
}
|
183 |
|
|
|
184 |
|
|
if ($act == "new") {
|
185 |
|
|
$pconfig['ldap_protver'] = 3;
|
186 |
|
|
$pconfig['ldap_anon'] = true;
|
187 |
|
|
$pconfig['radius_srvcs'] = "both";
|
188 |
acee624f
|
Ermal Lu?i
|
$pconfig['radius_auth_port'] = "1812";
|
189 |
|
|
$pconfig['radius_acct_port'] = "1813";
|
190 |
fbf672cb
|
Matthew Grooms
|
}
|
191 |
|
|
|
192 |
|
|
if ($_POST) {
|
193 |
|
|
unset($input_errors);
|
194 |
|
|
$pconfig = $_POST;
|
195 |
|
|
|
196 |
|
|
/* input validation */
|
197 |
|
|
|
198 |
|
|
if ($pconfig['type'] == "ldap") {
|
199 |
2ee8dea1
|
Phil Davis
|
$reqdfields = explode(" ",
|
200 |
|
|
"name type ldap_host ldap_port " .
|
201 |
|
|
"ldap_urltype ldap_protver ldap_scope " .
|
202 |
|
|
"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
|
203 |
7b4b0ad3
|
Stephen Beaver
|
|
204 |
257705ca
|
Renato Botelho
|
$reqdfieldsn = array(
|
205 |
|
|
gettext("Descriptive name"),
|
206 |
|
|
gettext("Type"),
|
207 |
|
|
gettext("Hostname or IP"),
|
208 |
|
|
gettext("Port value"),
|
209 |
|
|
gettext("Transport"),
|
210 |
|
|
gettext("Protocol version"),
|
211 |
|
|
gettext("Search level"),
|
212 |
|
|
gettext("User naming Attribute"),
|
213 |
|
|
gettext("Group naming Attribute"),
|
214 |
|
|
gettext("Group member attribute"),
|
215 |
|
|
gettext("Authentication container"));
|
216 |
fbf672cb
|
Matthew Grooms
|
|
217 |
|
|
if (!$pconfig['ldap_anon']) {
|
218 |
|
|
$reqdfields[] = "ldap_binddn";
|
219 |
|
|
$reqdfields[] = "ldap_bindpw";
|
220 |
257705ca
|
Renato Botelho
|
$reqdfieldsn[] = gettext("Bind user DN");
|
221 |
|
|
$reqdfieldsn[] = gettext("Bind Password");
|
222 |
fbf672cb
|
Matthew Grooms
|
}
|
223 |
|
|
}
|
224 |
|
|
|
225 |
|
|
if ($pconfig['type'] == "radius") {
|
226 |
|
|
$reqdfields = explode(" ", "name type radius_host radius_srvcs");
|
227 |
257705ca
|
Renato Botelho
|
$reqdfieldsn = array(
|
228 |
|
|
gettext("Descriptive name"),
|
229 |
|
|
gettext("Type"),
|
230 |
|
|
gettext("Hostname or IP"),
|
231 |
|
|
gettext("Services"));
|
232 |
fbf672cb
|
Matthew Grooms
|
|
233 |
|
|
if ($pconfig['radisu_srvcs'] == "both" ||
|
234 |
ac9d8bed
|
Stephen Beaver
|
$pconfig['radisu_srvcs'] == "auth") {
|
235 |
fbf672cb
|
Matthew Grooms
|
$reqdfields[] = "radius_auth_port";
|
236 |
81ec3187
|
Chris Buechler
|
$reqdfieldsn[] = gettext("Authentication port");
|
237 |
fbf672cb
|
Matthew Grooms
|
}
|
238 |
|
|
|
239 |
|
|
if ($pconfig['radisu_srvcs'] == "both" ||
|
240 |
ac9d8bed
|
Stephen Beaver
|
$pconfig['radisu_srvcs'] == "acct") {
|
241 |
fbf672cb
|
Matthew Grooms
|
$reqdfields[] = "radius_acct_port";
|
242 |
81ec3187
|
Chris Buechler
|
$reqdfieldsn[] = gettext("Accounting port");
|
243 |
fbf672cb
|
Matthew Grooms
|
}
|
244 |
|
|
|
245 |
|
|
if (!isset($id)) {
|
246 |
|
|
$reqdfields[] = "radius_secret";
|
247 |
257705ca
|
Renato Botelho
|
$reqdfieldsn[] = gettext("Shared Secret");
|
248 |
fbf672cb
|
Matthew Grooms
|
}
|
249 |
|
|
}
|
250 |
|
|
|
251 |
1e9b4611
|
Renato Botelho
|
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
|
252 |
fbf672cb
|
Matthew Grooms
|
|
253 |
2ee8dea1
|
Phil Davis
|
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) {
|
254 |
fbf672cb
|
Matthew Grooms
|
$input_errors[] = gettext("The host name contains invalid characters.");
|
255 |
2ee8dea1
|
Phil Davis
|
}
|
256 |
fbf672cb
|
Matthew Grooms
|
|
257 |
2ee8dea1
|
Phil Davis
|
if (auth_get_authserver($pconfig['name']) && !isset($id)) {
|
258 |
257705ca
|
Renato Botelho
|
$input_errors[] = gettext("An authentication server with the same name already exists.");
|
259 |
2ee8dea1
|
Phil Davis
|
}
|
260 |
acee624f
|
Ermal Lu?i
|
|
261 |
d6b4dfe3
|
jim-p
|
if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
|
262 |
|
|
$to_field = "{$pconfig['type']}_timeout";
|
263 |
|
|
if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || (is_numeric($_POST[$to_field]) && ($_POST[$to_field] <= 0)))) {
|
264 |
|
|
$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
|
265 |
|
|
}
|
266 |
2ee8dea1
|
Phil Davis
|
}
|
267 |
bddd2be8
|
jim-p
|
|
268 |
fbf672cb
|
Matthew Grooms
|
/* if this is an AJAX caller then handle via JSON */
|
269 |
|
|
if (isAjax() && is_array($input_errors)) {
|
270 |
|
|
input_errors2Ajax($input_errors);
|
271 |
|
|
exit;
|
272 |
|
|
}
|
273 |
|
|
|
274 |
|
|
if (!$input_errors) {
|
275 |
|
|
$server = array();
|
276 |
|
|
$server['refid'] = uniqid();
|
277 |
2ee8dea1
|
Phil Davis
|
if (isset($id) && $a_server[$id]) {
|
278 |
fbf672cb
|
Matthew Grooms
|
$server = $a_server[$id];
|
279 |
2ee8dea1
|
Phil Davis
|
}
|
280 |
fbf672cb
|
Matthew Grooms
|
|
281 |
|
|
$server['type'] = $pconfig['type'];
|
282 |
|
|
$server['name'] = $pconfig['name'];
|
283 |
|
|
|
284 |
|
|
if ($server['type'] == "ldap") {
|
285 |
|
|
|
286 |
2ee8dea1
|
Phil Davis
|
if (!empty($pconfig['ldap_caref'])) {
|
287 |
fe2031ab
|
Ermal
|
$server['ldap_caref'] = $pconfig['ldap_caref'];
|
288 |
2ee8dea1
|
Phil Davis
|
}
|
289 |
fbf672cb
|
Matthew Grooms
|
$server['host'] = $pconfig['ldap_host'];
|
290 |
|
|
$server['ldap_port'] = $pconfig['ldap_port'];
|
291 |
|
|
$server['ldap_urltype'] = $pconfig['ldap_urltype'];
|
292 |
|
|
$server['ldap_protver'] = $pconfig['ldap_protver'];
|
293 |
|
|
$server['ldap_scope'] = $pconfig['ldap_scope'];
|
294 |
|
|
$server['ldap_basedn'] = $pconfig['ldap_basedn'];
|
295 |
c61e4626
|
Ermal Lu?i
|
$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
|
296 |
c7073ebf
|
namezero111111
|
$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
|
297 |
|
|
$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
|
298 |
fbf672cb
|
Matthew Grooms
|
$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
|
299 |
|
|
$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
|
300 |
|
|
$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
|
301 |
149efbea
|
jim-p
|
|
302 |
|
|
$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
|
303 |
|
|
|
304 |
2ee8dea1
|
Phil Davis
|
if ($pconfig['ldap_utf8'] == "yes") {
|
305 |
a5cd1c5a
|
jim-p
|
$server['ldap_utf8'] = true;
|
306 |
2ee8dea1
|
Phil Davis
|
} else {
|
307 |
a5cd1c5a
|
jim-p
|
unset($server['ldap_utf8']);
|
308 |
2ee8dea1
|
Phil Davis
|
}
|
309 |
|
|
if ($pconfig['ldap_nostrip_at'] == "yes") {
|
310 |
a5cd1c5a
|
jim-p
|
$server['ldap_nostrip_at'] = true;
|
311 |
2ee8dea1
|
Phil Davis
|
} else {
|
312 |
a5cd1c5a
|
jim-p
|
unset($server['ldap_nostrip_at']);
|
313 |
2ee8dea1
|
Phil Davis
|
}
|
314 |
149efbea
|
jim-p
|
if ($pconfig['ldap_rfc2307'] == "yes") {
|
315 |
|
|
$server['ldap_rfc2307'] = true;
|
316 |
|
|
} else {
|
317 |
|
|
unset($server['ldap_rfc2307']);
|
318 |
|
|
}
|
319 |
a5cd1c5a
|
jim-p
|
|
320 |
fbf672cb
|
Matthew Grooms
|
|
321 |
|
|
if (!$pconfig['ldap_anon']) {
|
322 |
|
|
$server['ldap_binddn'] = $pconfig['ldap_binddn'];
|
323 |
|
|
$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
|
324 |
|
|
} else {
|
325 |
|
|
unset($server['ldap_binddn']);
|
326 |
|
|
unset($server['ldap_bindpw']);
|
327 |
|
|
}
|
328 |
d6b4dfe3
|
jim-p
|
|
329 |
|
|
if ($pconfig['ldap_timeout']) {
|
330 |
|
|
$server['ldap_timeout'] = $pconfig['ldap_timeout'];
|
331 |
|
|
} else {
|
332 |
|
|
$server['ldap_timeout'] = 25;
|
333 |
|
|
}
|
334 |
fbf672cb
|
Matthew Grooms
|
}
|
335 |
|
|
|
336 |
|
|
if ($server['type'] == "radius") {
|
337 |
|
|
|
338 |
|
|
$server['host'] = $pconfig['radius_host'];
|
339 |
|
|
|
340 |
2ee8dea1
|
Phil Davis
|
if ($pconfig['radius_secret']) {
|
341 |
fbf672cb
|
Matthew Grooms
|
$server['radius_secret'] = $pconfig['radius_secret'];
|
342 |
2ee8dea1
|
Phil Davis
|
}
|
343 |
fbf672cb
|
Matthew Grooms
|
|
344 |
2ee8dea1
|
Phil Davis
|
if ($pconfig['radius_timeout']) {
|
345 |
bddd2be8
|
jim-p
|
$server['radius_timeout'] = $pconfig['radius_timeout'];
|
346 |
2ee8dea1
|
Phil Davis
|
} else {
|
347 |
afdf29d3
|
jim-p
|
$server['radius_timeout'] = 5;
|
348 |
2ee8dea1
|
Phil Davis
|
}
|
349 |
bddd2be8
|
jim-p
|
|
350 |
fbf672cb
|
Matthew Grooms
|
if ($pconfig['radius_srvcs'] == "both") {
|
351 |
|
|
$server['radius_auth_port'] = $pconfig['radius_auth_port'];
|
352 |
|
|
$server['radius_acct_port'] = $pconfig['radius_acct_port'];
|
353 |
|
|
}
|
354 |
|
|
|
355 |
|
|
if ($pconfig['radius_srvcs'] == "auth") {
|
356 |
|
|
$server['radius_auth_port'] = $pconfig['radius_auth_port'];
|
357 |
|
|
unset($server['radius_acct_port']);
|
358 |
|
|
}
|
359 |
|
|
|
360 |
|
|
if ($pconfig['radius_srvcs'] == "acct") {
|
361 |
|
|
$server['radius_acct_port'] = $pconfig['radius_acct_port'];
|
362 |
|
|
unset($server['radius_auth_port']);
|
363 |
|
|
}
|
364 |
|
|
}
|
365 |
|
|
|
366 |
2ee8dea1
|
Phil Davis
|
if (isset($id) && $config['system']['authserver'][$id]) {
|
367 |
6306b5dd
|
Ermal Lu?i
|
$config['system']['authserver'][$id] = $server;
|
368 |
2ee8dea1
|
Phil Davis
|
} else {
|
369 |
6306b5dd
|
Ermal Lu?i
|
$config['system']['authserver'][] = $server;
|
370 |
2ee8dea1
|
Phil Davis
|
}
|
371 |
fbf672cb
|
Matthew Grooms
|
|
372 |
|
|
write_config();
|
373 |
|
|
|
374 |
|
|
pfSenseHeader("system_authservers.php");
|
375 |
|
|
}
|
376 |
|
|
}
|
377 |
|
|
|
378 |
1d3259b5
|
Stephen Beaver
|
// On error, restore the form contents so the user doesn't have to re-enter too much
|
379 |
504bd882
|
Stephen Beaver
|
if($_POST && $input_errors) {
|
380 |
|
|
$pconfig = $_POST;
|
381 |
|
|
$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
|
382 |
b1f0f7e1
|
Stephen Beaver
|
$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
|
383 |
504bd882
|
Stephen Beaver
|
}
|
384 |
|
|
|
385 |
fbf672cb
|
Matthew Grooms
|
include("head.inc");
|
386 |
|
|
|
387 |
a0165602
|
Sjon Hortensius
|
if ($input_errors)
|
388 |
|
|
print_input_errors($input_errors);
|
389 |
7b4b0ad3
|
Stephen Beaver
|
|
390 |
a0165602
|
Sjon Hortensius
|
if ($savemsg)
|
391 |
ea342b0f
|
Stephen Beaver
|
print_info_box($savemsg, 'success');
|
392 |
a0165602
|
Sjon Hortensius
|
|
393 |
|
|
$tab_array = array();
|
394 |
|
|
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
|
395 |
|
|
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
|
396 |
|
|
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
|
397 |
|
|
$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
|
398 |
|
|
display_top_tabs($tab_array);
|
399 |
|
|
|
400 |
|
|
if (!($act == "new" || $act == "edit" || $input_errors))
|
401 |
|
|
{
|
402 |
|
|
?>
|
403 |
94404d94
|
Sander van Leeuwen
|
<div class="table-responsive">
|
404 |
|
|
<table class="table table-striped table-hover">
|
405 |
|
|
<thead>
|
406 |
|
|
<tr>
|
407 |
|
|
<th><?=gettext("Server Name")?></th>
|
408 |
|
|
<th><?=gettext("Type")?></th>
|
409 |
|
|
<th><?=gettext("Host Name")?></th>
|
410 |
782922c2
|
Stephen Beaver
|
<th><?=gettext("Actions")?></th>
|
411 |
94404d94
|
Sander van Leeuwen
|
</tr>
|
412 |
|
|
</thead>
|
413 |
|
|
<tbody>
|
414 |
|
|
<?php foreach($a_server as $i => $server): ?>
|
415 |
|
|
<tr>
|
416 |
|
|
<td><?=htmlspecialchars($server['name'])?></td>
|
417 |
|
|
<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
|
418 |
|
|
<td><?=htmlspecialchars($server['host'])?></td>
|
419 |
|
|
<td>
|
420 |
|
|
<?php if ($i < (count($a_server) - 1)): ?>
|
421 |
f9dd6a4b
|
heper
|
<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&id=<?=$i?>"></a>
|
422 |
33f0b0d5
|
Stephen Beaver
|
<a class="fa fa-trash" title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&id=<?=$i?>"></a>
|
423 |
94404d94
|
Sander van Leeuwen
|
<?php endif?>
|
424 |
|
|
</td>
|
425 |
|
|
</tr>
|
426 |
|
|
<?php endforeach; ?>
|
427 |
|
|
</tbody>
|
428 |
|
|
</table>
|
429 |
|
|
</div>
|
430 |
|
|
|
431 |
c10cb196
|
Stephen Beaver
|
<nav class="action-buttons">
|
432 |
782922c2
|
Stephen Beaver
|
<a href="?act=new" class="btn btn-success btn-sm">
|
433 |
9d5a20cf
|
heper
|
<i class="fa fa-plus icon-embed-btn"></i>
|
434 |
782922c2
|
Stephen Beaver
|
<?=gettext("Add")?>
|
435 |
|
|
</a>
|
436 |
94404d94
|
Sander van Leeuwen
|
</nav>
|
437 |
fbf672cb
|
Matthew Grooms
|
<?php
|
438 |
a0165602
|
Sjon Hortensius
|
include("foot.inc");
|
439 |
|
|
exit;
|
440 |
fbf672cb
|
Matthew Grooms
|
}
|
441 |
|
|
|
442 |
ad2879b8
|
PiBa-NL
|
require_once('classes/Form.class.php');
|
443 |
a0165602
|
Sjon Hortensius
|
$form = new Form;
|
444 |
|
|
$form->setAction('system_authservers.php?act=edit');
|
445 |
ea342b0f
|
Stephen Beaver
|
|
446 |
a0165602
|
Sjon Hortensius
|
$form->addGlobal(new Form_Input(
|
447 |
|
|
'userid',
|
448 |
|
|
null,
|
449 |
|
|
'hidden',
|
450 |
|
|
$id
|
451 |
|
|
));
|
452 |
|
|
|
453 |
|
|
$section = new Form_Section('Server settings');
|
454 |
|
|
|
455 |
|
|
$section->addInput($input = new Form_Input(
|
456 |
|
|
'name',
|
457 |
|
|
'Descriptive name',
|
458 |
|
|
'text',
|
459 |
|
|
$pconfig['name']
|
460 |
|
|
));
|
461 |
|
|
|
462 |
|
|
$section->addInput($input = new Form_Select(
|
463 |
|
|
'type',
|
464 |
|
|
'Type',
|
465 |
|
|
$pconfig['type'],
|
466 |
|
|
$auth_server_types
|
467 |
44d906ca
|
Sjon Hortensius
|
))->toggles();
|
468 |
a0165602
|
Sjon Hortensius
|
|
469 |
|
|
$form->add($section);
|
470 |
6157f724
|
Stephen Beaver
|
|
471 |
|
|
// ==== LDAP settings =========================================================
|
472 |
a0165602
|
Sjon Hortensius
|
$section = new Form_Section('LDAP Server Settings');
|
473 |
44d906ca
|
Sjon Hortensius
|
$section->addClass('toggle-ldap collapse');
|
474 |
a0165602
|
Sjon Hortensius
|
|
475 |
|
|
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
|
476 |
|
|
$section->addClass('in');
|
477 |
|
|
|
478 |
|
|
$section->addInput(new Form_Input(
|
479 |
|
|
'ldap_host',
|
480 |
|
|
'Hostname or IP address',
|
481 |
|
|
'text',
|
482 |
|
|
$pconfig['ldap_host']
|
483 |
|
|
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
|
484 |
5585e65d
|
Chris Buechler
|
'(CN) of the LDAP server\'s SSL Certificate.');
|
485 |
a0165602
|
Sjon Hortensius
|
|
486 |
|
|
$section->addInput(new Form_Input(
|
487 |
|
|
'ldap_port',
|
488 |
|
|
'Port value',
|
489 |
|
|
'number',
|
490 |
|
|
$pconfig['ldap_port']
|
491 |
|
|
));
|
492 |
|
|
|
493 |
|
|
$section->addInput(new Form_Select(
|
494 |
|
|
'ldap_urltype',
|
495 |
|
|
'Transport',
|
496 |
|
|
$pconfig['ldap_urltype'],
|
497 |
|
|
array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
|
498 |
|
|
));
|
499 |
|
|
|
500 |
|
|
if (empty($a_ca))
|
501 |
|
|
{
|
502 |
|
|
$section->addInput(new Form_StaticText(
|
503 |
|
|
'Peer Certificate Authority',
|
504 |
|
|
'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>.'
|
505 |
|
|
));
|
506 |
fbf672cb
|
Matthew Grooms
|
}
|
507 |
a0165602
|
Sjon Hortensius
|
else
|
508 |
|
|
{
|
509 |
|
|
$ldapCaRef = [];
|
510 |
|
|
foreach ($a_ca as $ca)
|
511 |
|
|
$ldapCaRef[ $ca['refid'] ] = $ca['descr'];
|
512 |
|
|
|
513 |
|
|
$section->addInput(new Form_Select(
|
514 |
|
|
'ldap_caref',
|
515 |
|
|
'Peer Certificate Authority',
|
516 |
|
|
$pconfig['ldap_caref'],
|
517 |
|
|
$ldapCaRef
|
518 |
|
|
))->setHelp('This option is used if \'SSL Encrypted\' option is choosen. '.
|
519 |
|
|
'It must match with the CA in the AD otherwise problems will arise.');
|
520 |
fbf672cb
|
Matthew Grooms
|
}
|
521 |
|
|
|
522 |
a0165602
|
Sjon Hortensius
|
$section->addInput(new Form_Select(
|
523 |
|
|
'ldap_protver',
|
524 |
|
|
'Protocol version',
|
525 |
|
|
$pconfig['ldap_protver'],
|
526 |
|
|
array_combine($ldap_protvers, $ldap_protvers)
|
527 |
|
|
));
|
528 |
|
|
|
529 |
d6b4dfe3
|
jim-p
|
$section->addInput(new Form_Input(
|
530 |
|
|
'ldap_timeout',
|
531 |
|
|
'Server Timeout',
|
532 |
|
|
'number',
|
533 |
|
|
$pconfig['ldap_timeout'],
|
534 |
|
|
['placeholder' => 25]
|
535 |
|
|
))->setHelp('Timeout for LDAP operations (seconds)');
|
536 |
|
|
|
537 |
905f6119
|
Stephen Beaver
|
$group = new Form_Group('Search scope');
|
538 |
|
|
|
539 |
c84db5bb
|
Stephen Beaver
|
$SSF = new Form_Select(
|
540 |
a0165602
|
Sjon Hortensius
|
'ldap_scope',
|
541 |
c84db5bb
|
Stephen Beaver
|
'Level',
|
542 |
a0165602
|
Sjon Hortensius
|
$pconfig['ldap_scope'],
|
543 |
|
|
$ldap_scopes
|
544 |
c84db5bb
|
Stephen Beaver
|
);
|
545 |
df8fca9d
|
Stephen Beaver
|
|
546 |
c84db5bb
|
Stephen Beaver
|
$SSB = new Form_Input(
|
547 |
a0165602
|
Sjon Hortensius
|
'ldap_basedn',
|
548 |
|
|
'Base DN',
|
549 |
|
|
'text',
|
550 |
|
|
$pconfig['ldap_basedn']
|
551 |
c84db5bb
|
Stephen Beaver
|
);
|
552 |
905f6119
|
Stephen Beaver
|
|
553 |
c84db5bb
|
Stephen Beaver
|
|
554 |
|
|
$section->addInput(new Form_StaticText(
|
555 |
|
|
'Search scope',
|
556 |
|
|
'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
|
557 |
|
|
));
|
558 |
a0165602
|
Sjon Hortensius
|
|
559 |
|
|
$group = new Form_Group('Authentication containers');
|
560 |
|
|
$group->add(new Form_Input(
|
561 |
|
|
'ldapauthcontainers',
|
562 |
|
|
'Containers',
|
563 |
|
|
'text',
|
564 |
|
|
$pconfig['ldap_authcn']
|
565 |
|
|
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
|
566 |
|
|
'base dn above or you can specify full container path containing a dc= '.
|
567 |
|
|
'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');
|
568 |
504bd882
|
Stephen Beaver
|
|
569 |
a0165602
|
Sjon Hortensius
|
$group->add(new Form_Button(
|
570 |
|
|
'Select',
|
571 |
501efbd2
|
Stephen Beaver
|
'Select a container'
|
572 |
|
|
))->removeClass('btn-primary')->addClass('btn-default');
|
573 |
|
|
|
574 |
a0165602
|
Sjon Hortensius
|
$section->add($group);
|
575 |
|
|
|
576 |
2e101d89
|
Sander van Leeuwen
|
$section->addInput(new Form_Checkbox(
|
577 |
a0165602
|
Sjon Hortensius
|
'ldap_extended_enabled',
|
578 |
2e101d89
|
Sander van Leeuwen
|
'Extended query',
|
579 |
|
|
'Enable extended query',
|
580 |
a0165602
|
Sjon Hortensius
|
$pconfig['ldap_extended_enabled']
|
581 |
e39a41e9
|
Stephen Beaver
|
));
|
582 |
a0165602
|
Sjon Hortensius
|
|
583 |
2e101d89
|
Sander van Leeuwen
|
$group = new Form_Group('Query');
|
584 |
e39a41e9
|
Stephen Beaver
|
$group->addClass('extended');
|
585 |
|
|
|
586 |
a0165602
|
Sjon Hortensius
|
$group->add(new Form_Input(
|
587 |
|
|
'ldap_extended_query',
|
588 |
2e101d89
|
Sander van Leeuwen
|
'Query',
|
589 |
a0165602
|
Sjon Hortensius
|
'text',
|
590 |
|
|
$pconfig['ldap_extended_query']
|
591 |
2e101d89
|
Sander van Leeuwen
|
))->setHelp('Example: &(objectClass=inetOrgPerson)(mail=*@example.com)');
|
592 |
|
|
|
593 |
a0165602
|
Sjon Hortensius
|
$section->add($group);
|
594 |
|
|
|
595 |
|
|
$section->addInput(new Form_Checkbox(
|
596 |
|
|
'ldap_anon',
|
597 |
|
|
'Bind anonymous',
|
598 |
|
|
'Use anonymous binds to resolve distinguished names',
|
599 |
|
|
$pconfig['ldap_anon']
|
600 |
b0909f2e
|
Stephen Beaver
|
));
|
601 |
a0165602
|
Sjon Hortensius
|
|
602 |
|
|
$group = new Form_Group('Bind credentials');
|
603 |
b0909f2e
|
Stephen Beaver
|
$group->addClass('ldapanon');
|
604 |
|
|
|
605 |
a0165602
|
Sjon Hortensius
|
$group->add(new Form_Input(
|
606 |
|
|
'ldap_binddn',
|
607 |
|
|
'User DN:',
|
608 |
|
|
'text',
|
609 |
|
|
$pconfig['ldap_binddn']
|
610 |
|
|
));
|
611 |
b0909f2e
|
Stephen Beaver
|
|
612 |
a0165602
|
Sjon Hortensius
|
$group->add(new Form_Input(
|
613 |
|
|
'ldap_bindpw',
|
614 |
|
|
'Password',
|
615 |
|
|
'text',
|
616 |
|
|
$pconfig['ldap_bindpw']
|
617 |
|
|
));
|
618 |
|
|
$section->add($group);
|
619 |
|
|
|
620 |
ac9d8bed
|
Stephen Beaver
|
if (!isset($id)) {
|
621 |
|
|
$template_list = array();
|
622 |
|
|
|
623 |
|
|
foreach($ldap_templates as $option => $template) {
|
624 |
|
|
$template_list[$option] = $template['desc'];
|
625 |
|
|
}
|
626 |
a0165602
|
Sjon Hortensius
|
|
627 |
|
|
$section->addInput(new Form_Select(
|
628 |
|
|
'ldap_tmpltype',
|
629 |
|
|
'Initial Template',
|
630 |
|
|
$pconfig['ldap_template'],
|
631 |
ac9d8bed
|
Stephen Beaver
|
$template_list
|
632 |
a0165602
|
Sjon Hortensius
|
));
|
633 |
fbf672cb
|
Matthew Grooms
|
}
|
634 |
|
|
|
635 |
a0165602
|
Sjon Hortensius
|
$section->addInput(new Form_Input(
|
636 |
|
|
'ldap_attr_user',
|
637 |
|
|
'User naming attribute',
|
638 |
|
|
'text',
|
639 |
|
|
$pconfig['ldap_attr_user']
|
640 |
|
|
));
|
641 |
|
|
|
642 |
|
|
$section->addInput(new Form_Input(
|
643 |
|
|
'ldap_attr_group',
|
644 |
|
|
'Group naming attribute',
|
645 |
|
|
'text',
|
646 |
|
|
$pconfig['ldap_attr_group']
|
647 |
|
|
));
|
648 |
|
|
|
649 |
|
|
$section->addInput(new Form_Input(
|
650 |
|
|
'ldap_attr_member',
|
651 |
|
|
'Group member attribute',
|
652 |
|
|
'text',
|
653 |
|
|
$pconfig['ldap_attr_member']
|
654 |
|
|
));
|
655 |
|
|
|
656 |
149efbea
|
jim-p
|
$section->addInput(new Form_Checkbox(
|
657 |
|
|
'ldap_rfc2307',
|
658 |
|
|
'RFC 2307 Groups',
|
659 |
|
|
'LDAP Server uses RFC 2307 style group membership',
|
660 |
|
|
$pconfig['ldap_rfc2307']
|
661 |
|
|
))->setHelp('RFC 2307 style group membership has members listed on the group '.
|
662 |
|
|
'object rather than using groups listed on user object. Leave unchecked '.
|
663 |
|
|
'for Active Directory style group membership (RFC 2307bis).');
|
664 |
|
|
|
665 |
|
|
$section->addInput(new Form_Input(
|
666 |
|
|
'ldap_attr_groupobj',
|
667 |
|
|
'Group Object Class',
|
668 |
|
|
'text',
|
669 |
|
|
$pconfig['ldap_attr_groupobj'],
|
670 |
|
|
['placeholder' => 'posixGroup']
|
671 |
|
|
))->setHelp('Object class used for groups in RFC2307 mode. '.
|
672 |
|
|
'Typically "posixGroup" or "group".');
|
673 |
|
|
|
674 |
a0165602
|
Sjon Hortensius
|
$section->addInput(new Form_Checkbox(
|
675 |
|
|
'ldap_utf8',
|
676 |
|
|
'UTF8 Encode',
|
677 |
|
|
'UTF8 encode LDAP parameters before sending them to the server.',
|
678 |
|
|
$pconfig['ldap_utf8']
|
679 |
|
|
))->setHelp('Required to support international characters, but may not be '.
|
680 |
|
|
'supported by every LDAP server.');
|
681 |
|
|
|
682 |
|
|
$section->addInput(new Form_Checkbox(
|
683 |
|
|
'ldap_nostrip_at',
|
684 |
|
|
'Username Alterations',
|
685 |
|
|
'Do not strip away parts of the username after the @ symbol',
|
686 |
|
|
$pconfig['ldap_nostrip_at']
|
687 |
|
|
))->setHelp('e.g. user@host becomes user when unchecked.');
|
688 |
|
|
|
689 |
|
|
$form->add($section);
|
690 |
6157f724
|
Stephen Beaver
|
|
691 |
|
|
// ==== RADIUS section ========================================================
|
692 |
a0165602
|
Sjon Hortensius
|
$section = new Form_Section('Radius Server Settings');
|
693 |
44d906ca
|
Sjon Hortensius
|
$section->addClass('toggle-radius collapse');
|
694 |
a0165602
|
Sjon Hortensius
|
|
695 |
|
|
$section->addInput(new Form_Input(
|
696 |
|
|
'radius_host',
|
697 |
|
|
'Hostname or IP address',
|
698 |
|
|
'text',
|
699 |
|
|
$pconfig['radius_host']
|
700 |
|
|
));
|
701 |
|
|
|
702 |
|
|
$section->addInput(new Form_Input(
|
703 |
|
|
'radius_secret',
|
704 |
|
|
'Shared Secret',
|
705 |
|
|
'text',
|
706 |
|
|
$pconfig['radius_secret']
|
707 |
|
|
));
|
708 |
|
|
|
709 |
|
|
$section->addInput(new Form_Select(
|
710 |
|
|
'radius_srvcs',
|
711 |
|
|
'Services offered',
|
712 |
|
|
$pconfig['radius_srvcs'],
|
713 |
|
|
$radius_srvcs
|
714 |
|
|
));
|
715 |
|
|
|
716 |
|
|
$section->addInput(new Form_Input(
|
717 |
|
|
'radius_auth_port',
|
718 |
81ec3187
|
Chris Buechler
|
'Authentication port',
|
719 |
a0165602
|
Sjon Hortensius
|
'number',
|
720 |
df5d8616
|
Stephen Beaver
|
$pconfig['radius_auth_port']
|
721 |
a0165602
|
Sjon Hortensius
|
));
|
722 |
|
|
|
723 |
|
|
$section->addInput(new Form_Input(
|
724 |
|
|
'radius_acct_port',
|
725 |
df5d8616
|
Stephen Beaver
|
'Accounting port',
|
726 |
a0165602
|
Sjon Hortensius
|
'number',
|
727 |
|
|
$pconfig['radius_acct_port']
|
728 |
|
|
));
|
729 |
|
|
|
730 |
|
|
$section->addInput(new Form_Input(
|
731 |
|
|
'radius_timeout',
|
732 |
|
|
'Authentication Timeout',
|
733 |
|
|
'number',
|
734 |
|
|
$pconfig['radius_timeout']
|
735 |
|
|
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
|
736 |
|
|
'server may take to respond to an authentication request. If left blank, the '.
|
737 |
|
|
'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
|
738 |
|
|
'authentication system, increase this timeout to account for how long it will '.
|
739 |
|
|
'take the user to receive and enter a token.');
|
740 |
|
|
|
741 |
|
|
if (isset($id) && $a_server[$id])
|
742 |
|
|
{
|
743 |
|
|
$section->addInput(new Form_Input(
|
744 |
|
|
'id',
|
745 |
|
|
null,
|
746 |
|
|
'hidden',
|
747 |
|
|
$id
|
748 |
|
|
));
|
749 |
6306b5dd
|
Ermal Lu?i
|
}
|
750 |
a0165602
|
Sjon Hortensius
|
|
751 |
|
|
$form->add($section);
|
752 |
|
|
print $form;
|
753 |
ac9d8bed
|
Stephen Beaver
|
?>
|
754 |
|
|
<script>
|
755 |
|
|
//<![CDATA[
|
756 |
|
|
events.push(function(){
|
757 |
501efbd2
|
Stephen Beaver
|
function select_clicked() {
|
758 |
|
|
if (document.getElementById("ldap_port").value == '' ||
|
759 |
7b4b0ad3
|
Stephen Beaver
|
document.getElementById("ldap_host").value == '' ||
|
760 |
|
|
document.getElementById("ldap_scope").value == '' ||
|
761 |
|
|
document.getElementById("ldap_basedn").value == '' ||
|
762 |
|
|
document.getElementById("ldapauthcontainers").value == '') {
|
763 |
501efbd2
|
Stephen Beaver
|
alert("<?=gettext("Please fill the required values.");?>");
|
764 |
|
|
return;
|
765 |
|
|
}
|
766 |
7b4b0ad3
|
Stephen Beaver
|
|
767 |
501efbd2
|
Stephen Beaver
|
if (!document.getElementById("ldap_anon").checked) {
|
768 |
|
|
if (document.getElementById("ldap_binddn").value == '' ||
|
769 |
7b4b0ad3
|
Stephen Beaver
|
document.getElementById("ldap_bindpw").value == '') {
|
770 |
501efbd2
|
Stephen Beaver
|
alert("<?=gettext("Please fill the bind username/password.");?>");
|
771 |
|
|
return;
|
772 |
|
|
}
|
773 |
|
|
}
|
774 |
|
|
var url = 'system_usermanager_settings_ldapacpicker.php?';
|
775 |
|
|
url += 'port=' + document.getElementById("ldap_port").value;
|
776 |
|
|
url += '&host=' + document.getElementById("ldap_host").value;
|
777 |
|
|
url += '&scope=' + document.getElementById("ldap_scope").value;
|
778 |
|
|
url += '&basedn=' + document.getElementById("ldap_basedn").value;
|
779 |
|
|
url += '&binddn=' + document.getElementById("ldap_binddn").value;
|
780 |
|
|
url += '&bindpw=' + document.getElementById("ldap_bindpw").value;
|
781 |
|
|
url += '&urltype=' + document.getElementById("ldap_urltype").value;
|
782 |
|
|
url += '&proto=' + document.getElementById("ldap_protver").value;
|
783 |
|
|
url += '&authcn=' + document.getElementById("ldapauthcontainers").value;
|
784 |
|
|
<?php if (count($a_ca) > 0): ?>
|
785 |
|
|
url += '&cert=' + document.getElementById("ldap_caref").value;
|
786 |
|
|
<?php else: ?>
|
787 |
|
|
url += '&cert=';
|
788 |
|
|
<?php endif; ?>
|
789 |
7b4b0ad3
|
Stephen Beaver
|
|
790 |
501efbd2
|
Stephen Beaver
|
var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
|
791 |
|
|
if (oWin == null || typeof(oWin) == "undefined") {
|
792 |
7b4b0ad3
|
Stephen Beaver
|
alert("<?=gettext('Popup blocker detected. Action aborted.');?>");
|
793 |
501efbd2
|
Stephen Beaver
|
}
|
794 |
|
|
}
|
795 |
7b4b0ad3
|
Stephen Beaver
|
|
796 |
f3a43095
|
Stephen Beaver
|
function set_ldap_port() {
|
797 |
7b4b0ad3
|
Stephen Beaver
|
if($('#ldap_urltype').find(":selected").index() == 0)
|
798 |
f3a43095
|
Stephen Beaver
|
$('#ldap_port').val('389');
|
799 |
|
|
else
|
800 |
7b4b0ad3
|
Stephen Beaver
|
$('#ldap_port').val('636');
|
801 |
|
|
}
|
802 |
|
|
|
803 |
|
|
// Hides all elements of the specified class. This will usually be a section
|
804 |
|
|
function hideClass(s_class, hide) {
|
805 |
|
|
if(hide)
|
806 |
|
|
$('.' + s_class).hide();
|
807 |
|
|
else
|
808 |
|
|
$('.' + s_class).show();
|
809 |
f3a43095
|
Stephen Beaver
|
}
|
810 |
7b4b0ad3
|
Stephen Beaver
|
|
811 |
ac9d8bed
|
Stephen Beaver
|
function ldap_tmplchange() {
|
812 |
|
|
switch ($('#ldap_tmpltype').find(":selected").index()) {
|
813 |
|
|
<?php
|
814 |
|
|
$index = 0;
|
815 |
|
|
foreach ($ldap_templates as $tmpldata):
|
816 |
|
|
?>
|
817 |
|
|
case <?=$index;?>:
|
818 |
|
|
$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
|
819 |
|
|
$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
|
820 |
|
|
$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
|
821 |
|
|
break;
|
822 |
|
|
<?php
|
823 |
|
|
$index++;
|
824 |
|
|
endforeach;
|
825 |
|
|
?>
|
826 |
|
|
}
|
827 |
|
|
}
|
828 |
a0165602
|
Sjon Hortensius
|
|
829 |
eef93144
|
Jared Dillard
|
// ---------- On initial page load ------------------------------------------------------------
|
830 |
782922c2
|
Stephen Beaver
|
|
831 |
c4302457
|
Stephen Beaver
|
<?php if ($act != 'edit') : ?>
|
832 |
ac9d8bed
|
Stephen Beaver
|
ldap_tmplchange();
|
833 |
c4302457
|
Stephen Beaver
|
<?php endif; ?>
|
834 |
|
|
|
835 |
b0909f2e
|
Stephen Beaver
|
hideClass('ldapanon', $('#ldap_anon').prop('checked'));
|
836 |
501efbd2
|
Stephen Beaver
|
$("#Select").prop('type','button');
|
837 |
e39a41e9
|
Stephen Beaver
|
hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
|
838 |
7b4b0ad3
|
Stephen Beaver
|
|
839 |
f3a43095
|
Stephen Beaver
|
if($('#ldap_port').val() == "")
|
840 |
|
|
set_ldap_port();
|
841 |
ac9d8bed
|
Stephen Beaver
|
|
842 |
ea342b0f
|
Stephen Beaver
|
<?php
|
843 |
|
|
if($act == 'edit') {
|
844 |
|
|
?>
|
845 |
6157f724
|
Stephen Beaver
|
$('#type option:not(:selected)').each(function(){
|
846 |
7b4b0ad3
|
Stephen Beaver
|
$(this).attr('disabled', 'disabled');
|
847 |
6157f724
|
Stephen Beaver
|
});
|
848 |
7b4b0ad3
|
Stephen Beaver
|
|
849 |
2138c41b
|
Stephen Beaver
|
<?php
|
850 |
|
|
if(!$input_errors) {
|
851 |
7b4b0ad3
|
Stephen Beaver
|
?>
|
852 |
6157f724
|
Stephen Beaver
|
$('#name').prop("readonly", true);
|
853 |
ea342b0f
|
Stephen Beaver
|
<?php
|
854 |
2138c41b
|
Stephen Beaver
|
}
|
855 |
ea342b0f
|
Stephen Beaver
|
}
|
856 |
|
|
?>
|
857 |
eef93144
|
Jared Dillard
|
// ---------- Click checkbox handlers ---------------------------------------------------------
|
858 |
782922c2
|
Stephen Beaver
|
|
859 |
ac9d8bed
|
Stephen Beaver
|
$('#ldap_tmpltype').on('change', function() {
|
860 |
|
|
ldap_tmplchange();
|
861 |
|
|
});
|
862 |
b0909f2e
|
Stephen Beaver
|
|
863 |
7b4b0ad3
|
Stephen Beaver
|
$('#ldap_anon').click(function () {
|
864 |
|
|
hideClass('ldapanon', this.checked);
|
865 |
|
|
});
|
866 |
|
|
|
867 |
f3a43095
|
Stephen Beaver
|
$('#ldap_urltype').on('change', function() {
|
868 |
|
|
set_ldap_port();
|
869 |
7b4b0ad3
|
Stephen Beaver
|
});
|
870 |
|
|
|
871 |
|
|
$('#Select').click(function () {
|
872 |
|
|
select_clicked();
|
873 |
|
|
});
|
874 |
504bd882
|
Stephen Beaver
|
|
875 |
e39a41e9
|
Stephen Beaver
|
$('#ldap_extended_enabled').click(function () {
|
876 |
|
|
hideClass('extended', !this.checked);
|
877 |
|
|
});
|
878 |
504bd882
|
Stephen Beaver
|
|
879 |
ac9d8bed
|
Stephen Beaver
|
});
|
880 |
|
|
//]]>
|
881 |
|
|
</script>
|
882 |
|
|
<?php
|
883 |
81ec3187
|
Chris Buechler
|
include("foot.inc");
|